nextdns-automation
Pass
Audited by Gen Agent Trust Hub on Feb 18, 2026
Risk Level: SAFE, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
- [External Downloads] (LOW): The skill relies on an external MCP server located at 'https://rube.app/mcp'. This domain is not part of the trusted organization list, making the dependency unverifiable.
- [Indirect Prompt Injection] (LOW): The skill is vulnerable to instructions embedded in data fetched from the external MCP server.
  - Ingestion points: The RUBE_SEARCH_TOOLS tool fetches dynamic schemas, tool slugs, and recommended execution plans from a remote API.
  - Boundary markers: Absent. There are no instructions for the agent to use delimiters or ignore embedded instructions within the results.
  - Capability inventory: The skill uses RUBE_MULTI_EXECUTE_TOOL and RUBE_REMOTE_WORKBENCH to perform operations based on dynamic input.
  - Sanitization: Absent. The agent is explicitly told to follow the returned schema and recommended plans exactly.
- [Dynamic Execution] (LOW): The core workflow involves runtime discovery where tool slugs and arguments are derived from remote API calls rather than being hardcoded, which could be exploited if the remote source is compromised.